AntiSpam

From Alternux.

host name based greylisting (hbs-greylisting)

It's easy, and I believe it's useful. So here goes.


In a normal installation, you check all incoming connections through postgrey like this:

   smtpd_recipient_restrictions =
     permit_mynetworks
     ...
     reject_unauth_destination
     check_policy_service inet:127.0.0.1:10023

This is what the Postgrey documentation describes. But this way you have to be careful to keep the whitelist up to date, so that your server does not reject, or unnecessarily delay, messages from legitimate clients. Also, your database may fill up with many legitimate clients' addresses.

Since most of the UCE/UBE messages that postgrey blocks come from clients with unresolvable or dynamically-assigned addresses, you can run only those suspicious clients through postgrey and let all others pass unchecked, by configuring Postfix as follows:


main.cf ----
   smtpd_restriction_classes =
     check_greylist
   check_greylist = check_policy_service inet:127.0.0.1:10023
   smtpd_recipient_restrictions =
     permit_mynetworks
     ...
     reject_unauth_destination
     check_client_access regexp:/etc/postfix/check_client_fqdn

check_client_fqdn ----
   /^unknown$/                                  check_greylist
   /^[^\.]*[0-9][^0-9\.]+[0-9]/                 check_greylist
   /^[^\.]*[0-9]{5}/                            check_greylist
   /^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]/ check_greylist
   /^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]/            check_greylist
   /^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\./    check_greylist
   /^(dhcp|dialup|ppp|adsl)[^\.]*[0-9]/         check_greylist
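
The table above can be exercised before it goes live. What follows is an added example, not code from the original page or from Postfix/postgrey: a small Python script that mirrors a Postfix regexp: table lookup (case-insensitive, first matching line wins) over the seven patterns and a set of constructed client hostnames, so you can see what each rule does with names taken from your own logs.

```python
import re

# The seven patterns from check_client_fqdn, in table order.  Postfix
# regexp: tables are matched case-insensitively by default and the first
# matching line wins, so lookup() below mirrors that behaviour.
CHECK_CLIENT_FQDN = [
    r"^unknown$",
    r"^[^\.]*[0-9][^0-9\.]+[0-9]",
    r"^[^\.]*[0-9]{5}",
    r"^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]",
    r"^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]",
    r"^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\.",
    r"^(dhcp|dialup|ppp|adsl)[^\.]*[0-9]",
]
_RULES = [re.compile(p, re.IGNORECASE) for p in CHECK_CLIENT_FQDN]


def lookup(client_name):
    """Return the 1-based number of the first matching table line, or None
    when no line matches (the client is not sent to postgrey)."""
    for number, rule in enumerate(_RULES, start=1):
        if rule.search(client_name):
            return number
    return None


def greylisted(client_name):
    """True if Postfix would hand this client to the check_greylist class."""
    return lookup(client_name) is not None


# Constructed sample client hostnames, as Postfix would present them to
# the table; none of these are real hosts.
SAMPLE_CLIENTS = [
    "unknown",                        # no reverse DNS at all -> line 1
    "mail.example.com",               # static-looking MTA name -> pass
    "mx2.example.com",                # a single digit is fine -> pass
    "smtp12345.example.com",          # five digits in a row -> line 3
    "123-45-67-89.dyn.example.net",   # IP address in the name -> line 2
    "host1.sub2.region.example.org",  # two numbered labels -> line 6
    "ppp.example.com",                # prefix without a digit -> pass
    "ADSL-LINE-7.Example.COM",        # case-insensitive match -> line 7
]

if __name__ == "__main__":
    for name in SAMPLE_CLIENTS:
        hit = lookup(name)
        action = "check_greylist (line %d)" % hit if hit else "pass unchecked"
        print("%-32s %s" % (name, action))
```

Run it against a list of client names pulled from your own mail log to see which legitimate senders would be delayed before you enable the table.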

This technique was proposed by SATOH Kiyoshi (http://k2net.hakuba.jp/rgrey/, in Japanese) and is gaining popularity among mail administrators in Japan. I call it "Hostname-based Selective Greylisting" ("hbs-greylisting" for short). (*)

 (*) Mr. Satoh calls his technique "S25R + Greylisting".  S25R
 (Selective SMTP Rejection) is a technique that unconditionally
 rejects those hosts that match the regexps unless they are whitelisted.
 (http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html)
 Satoh's technique is a safer alternative that combines S25R and
 greylisting.  I thought the name "Selective Greylisting" would be
 more appropriate, but that name is already used by Christian Mock for
 yet another technique (http://www.tahina.priv.at/~cm/spam/).  Hence
 I coined the name "Hostname-based Selective Greylisting".

The effect of greylisting is slightly weakened with hbs-greylisting, because UCE/UBE from hosts that do not match the regexps is no longer blocked. But there are many benefits:

  • Safer - The risk of rejecting legitimate clients becomes lower.
  • Easier - The conservative nature of the technique means the whitelist
    rarely needs maintenance.
  • Still effective - Almost all of the UCE/UBE that normal greylisting
    blocks is also blocked by hbs-greylisting.  (According to
    http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html,
    98% of UCE/UBE-sending hosts match the regexps above.)
  • Requires less space - The Postgrey database now contains fewer entries.